Image forming apparatus and control method

ABSTRACT

An image forming apparatus includes a setting unit that performs setting of a system, an image formation section that forms an image according to the setting, and a processing unit that performs a process for a quarantine against a virus. The setting unit performs setting concerning security. The processing unit implements the quarantine against a virus if the setting concerning security has been changed.

BACKGROUND OF THE INVENTION Field of the Invention

The present disclosure relates to an image forming apparatus and acontrol method.

Description of the Background Art

In recent years, an image forming apparatus such as a compound machine(multifunction peripheral/printer (MFP)) performs data transmission toand reception from another apparatus over a network or through some sortof means so as to realize various functions. Under these circumstances,virus scanning is also required for compound machines.

As to the virus scanning, various technologies have been proposed. Forinstance, it has been proposed to perform a virus check on data if afunction to automatically delete data after the completion of a job ofdata transmission is set to be ineffective.

With such conventional technology, however, even a compound machinehaving a virus scanning function only performs a virus scan on aspecified place at a time designated in advance, without taking thesituation of setting for the compound machine or an operation by a userinto account. Consequently, an unnecessary virus scan may be performed,or no virus scans may be performed until next time to perform a virusscan although the virus scanning is being required, leading to a delayeddetection of a virus.

In view of the problems as above, the present disclosure is aimed atproviding an image forming apparatus and a control method both allowinga virus scan to be appropriately performed according to the state ofthings.

SUMMARY OF THE INVENTION

In order to solve the above problems, an image forming apparatusaccording to the present disclosure includes: a setter that performssetting of a system; an image former that forms an image according tothe setting; and a processor that performs a process for a quarantineagainst a virus, the setter performs setting concerning security, andthe processor implements the quarantine against a virus if the settingconcerning security has been changed.

A control method according to the present disclosure is a control methodfor an apparatus including an image former to form an image according tosetting and a processor to perform a process for a quarantine against avirus, the control method including: implementing setting of a system;and implementing the quarantine against a virus if setting concerningsecurity has been changed.

According to the present disclosure, an image forming apparatus and acontrol method both allowing a virus scan to be appropriately performedaccording to the state of things are provided.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an external perspective view of an image forming apparatusaccording to a first embodiment.

FIG. 2 is a diagram for describing a functional configuration of theimage forming apparatus of the first embodiment.

FIG. 3 is a diagram illustrating a data organization of a setting tablein the first embodiment.

FIG. 4 is a diagram illustrating a data organization of a scanperforming pattern table in the first embodiment.

FIG. 5 is a flowchart illustrating a flow of main processing in thefirst embodiment.

FIG. 6 is a diagram illustrating an example of a setting screen in thefirst embodiment.

FIG. 7 is a diagram for describing a functional configuration of animage forming apparatus according to a second embodiment.

FIG. 8 is a diagram illustrating a data organization of a setting tablein the second embodiment.

FIG. 9 is a diagram illustrating a data organization of a scanperforming pattern table in the second embodiment.

FIG. 10 is a flowchart illustrating a flow of main processing in thesecond embodiment.

FIG. 11 is a diagram for describing a functional configuration of animage forming apparatus according to a third embodiment.

FIG. 12 is a diagram illustrating a data organization of a setting tablein the third embodiment.

FIG. 13 is a flowchart illustrating a flow of main processing in thethird embodiment.

FIG. 14 is a flowchart illustrating a flow of main processing in afourth embodiment.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

In the following, embodiments for carrying out the present disclosureare described with reference to the drawings. The embodiments below areeach an example for describing the present disclosure, so that atechnical scope of the recital in the claims is not limited to thefollowing description.

1. First Embodiment

A first embodiment is an embodiment where an image forming apparatusaccording to the present disclosure is applied to a compound machine 10.The compound machine 10, also called a multifunction peripheral/printer(MFP), has basic functions (copying function, printing function,scanning function, and the like) of a MFP. In addition, the compoundmachine 10 in the present embodiment has a virus scanning function.

1.1 Functional Configuration

FIG. 1 is an external perspective view of the compound machine 10according to the first embodiment, and FIG. 2 is a block diagramillustrating a functional configuration of the compound machine 10. Asillustrated in FIG. 2 , the compound machine 10 includes a controller100, an image input section 120, an image formation section 130, adisplay section 140, an operation section 150, a storage 160, aconnection section 180, and a communications section 190.

The controller 100 is a functional part for controlling the whole of thecompound machine 10. The controller 100 reads and executes variousprograms stored in the storage 160 so as to realize various functions,and is constituted of one or multiple arithmetic devices (centralprocessing units (CPUs)), for instance. The controller 100 may be formedas a system-on-a-chip (SoC) device having two or more functions out ofthe functions to be described later.

The controller 100 executes the programs stored in the storage 160 so asto serve as an image processing unit 102, a setting unit 104, and aquarantine processing unit 106.

The image processing unit 102 performs processes relating to variousimages. For instance, the image processing unit 102 performs asharpening process or a gradation conversion process on an image inputthrough the image input section 120, the connection section 180 or thecommunications section 190.

The setting unit 104 performs various settings (system settings) for thecompound machine 10. Further, the setting unit 104 provides a settingmeans for carrying out various settings for the compound machine 10. Forinstance, the setting unit 104 provides a screen (setting screen) fordisplaying and changing the settings for the compound machine 10according to an operation by a user. The setting screen is displayed onthe display section 140. The setting screen may be provided as aWeb-operated user interface (UI) that is a UI displayed through a Webbrowser. The setting unit 104 stores a setting content set (input) bythe user through the setting screen in a setting table 172 to bedescribed later, so as to reflect the setting content in the compoundmachine 10.

In the present embodiment, setting of a security policy (settingconcerning security) of the compound machine 10 is possible as a settingfor the compound machine 10, and the setting unit 104 is assumed to becapable of changing the security policy (changing the setting concerningsecurity) of the compound machine 10.

The setting concerning security is assumed to include setting concerninga process for a quarantine against a virus (setting as to performance ofa virus scan, for instance) in the compound machine 10. The process forthe quarantine against a virus in the compound machine 10 includes avirus scan for detecting a virus in data stored in the storage 160 ofthe compound machine 10, a process for disinfection of a detected virus,and a process for isolating or deleting data where a virus has beendetected.

The quarantine processing unit 106 performs the process for thequarantine against a virus. In other words, the quarantine processingunit 106 realizes the virus scanning function (application), which thecompound machine 10 is equipped with (which is installed in the compoundmachine 10). If a pattern indicated by virus pattern data stored in avirus pattern data storage region 170 to be described later and part ofdata stored in the storage 160 conform with each other, for instance,the quarantine processing unit 106 detects a virus, namely, infection ofthe data with the virus.

The quarantine processing unit 106 may perform the process for thequarantine against a virus, based on setting concerning the quarantineagainst a virus stored in the setting table 172. In addition, thequarantine processing unit 106 may have a function to detect a change ininternal condition of the compound machine 10 or a change in datamanaged by the compound machine 10 (data stored in the storage 160). Inthat case, the quarantine processing unit 106 performs the virus scan ona storage region influenced by the change in internal condition of thecompound machine 10 or the change in data managed by the compoundmachine 10. The quarantine processing unit 106 may detect a hackingattack and, if an attack from a specified Internet Protocol (IP) addresshas become clear, perform the virus scan on a region in the storage 160relating to a remote job, irrespective of communication sender. Theimage input section 120 inputs an image to the compound machine 10. Theimage input section 120 is constituted of a scanner to read an originalplaced on an original table, for instance. The scanner is, for instance,a device that uses an image sensor such as a charge-coupled device (CCD)and a contact image sensor (CIS) to convert an image into electricsignals, and quantizes and encodes the electric signals. The image inputsection 120 may be constituted of an interface (terminal) for reading animage stored in a universal serial bus (USB) memory so as to input animage read from the USB memory. The image input section 120 may alsoreceive an image from another apparatus through the connection section180 or the communications section 190 so as to input the received image.

The image formation section 130 forms (prints) an image on a recordingmedium such as a recording sheet according to a setting content setthrough the setting screen and thus stored in the setting table 172. Forinstance, the image formation section 130 forms a color image or onlyforms a monochrome image according to the setting of an available colormode. The image formation section 130 is constituted of a printingdevice such as a laser printer using an electrographic technology, forinstance. As an example, the image formation section 130 feeds arecording sheet from a paper feed tray 132 included in the compoundmachine 10, forms an image on a surface of the recording sheet, anddischarges the recording sheet from a paper discharge tray 134 includedin the compound machine 10.

The display section 140 displays various kinds of information. Thedisplay section 140 is constituted of a display device such as a liquidcrystal display (LCD), an organic electroluminescence (EL) display, anda micro light emitting diode (LED) display, for instance.

The operation section 150 receives an instruction on an operation by auser of the compound machine 10. The operation section 150 isconstituted of an input device such as a key switch (hard keys) and atouch sensor. As to the touch sensor, any of common detection methods,such a resistive method, an infrared method, an inductive method, and anelectrostatic method, will do as a method for detecting an input bycontact (touch). The compound machine 10 may be equipped with a touchpanel that the display section 140 and the operation section 150 areintegrally formed into.

The storage 160 stores various programs necessary to the working of thecompound machine 10, and various kinds of data. The storage 160 isconstituted of such a storage as a solid state drive (SSD) that is asemiconductor memory, and a hard disk drive (HDD).

The storage 160 secures a system region 162, an application-specificdata region 164, a spool region 166, a data region 168, and the viruspattern data storage region 170, and stores the setting table 172 and ascan performing pattern table 174. The system region 162, theapplication-specific data region 164, the spool region 166, and the dataregion 168 are each a region that the virus scan is to be performed on.

The system region 162 is a region where an operating system (OS) for thecompound machine 10 and data on the basic functions of the compoundmachine 10 are stored, and where data is temporarily stored during theworking of the OS or the basic functions. The basic functions of thecompound machine 10 refer to functions that the compound machine 10originally has, including the copying function, the printing function,and the scanning function.

The system region 162 may include the following regions.

(1) Firmware Region 1622

A firmware region 1622 is a region where firmware of the compoundmachine 10 is stored and decompressed.

(2) Application Region 1624

An application region 1624 is a region where an application is stored,and data is temporarily stored during the running of the application.The application refers to a program for extending the basic functions ofthe compound machine 10 and adding a new function to the compoundmachine 10. The application region 1624 may include a shared regionavailable to the application and a system (the OS, for instance) for thecompound machine 10 in common.

(3) System-Specific Region 1626

A system-specific region 1626 is a region specific to the system, wherethe OS, programs for realizing the basic functions, and the like arestored. The system-specific region 1626 is a region not used by theapplication nor the user.

The application-specific data region 164 is a region whereapplication-specific data is stored. In the application-specific dataregion 164, setting information on an application is stored, forinstance.

The spool region 166 is a region that is temporarily used by thecompound machine 10 when a specified function is realized (a job isperformed) by the compound machine 10. If data is input from an externaldevice to the compound machine 10, for instance, the input data istemporarily stored in the spool region 166. If data is output from thecompound machine 10 to the external device, the data to be output istemporarily stored in the spool region 166.

The data region 168 is a region where data on a function (job) used bythe user is stored. The data region 168 is chiefly secured in a storage(auxiliary storage). The data region 168 may be constituted of a networkattached storage (NAS).

The data region 168 may include the following regions.

(1) User Region 1682

A user region 1682 is a region where data input by the user is stored.For instance, the data on a document or an image, which is acquired orreceived from another apparatus or storage (USB memory, for instance),is stored in the user region 1682.

(2) System Region 1684

A system region 1684 is a region where data on the system (OS and basicfunctions) of the compound machine 10 is stored.

(3) Application Region 1686

An application region 1686 is a region where data on an application isstored.

The regions as above are examples. According to the model, the basicfunctions, the software/hardware configuration, and the like of thecompound machine 10, nothing but necessary regions need to beappropriately secured in the storage 160.

In the virus pattern data storage region 170, the virus pattern data isstored. The virus pattern data is the data, in which an appearancepattern of data characteristic of or specific to a known computer virusis defined, and is stored as a result of acquisition from a device orservice providing the virus pattern data.

The setting table 172 is a table that stores information on the settingsfor the compound machine 10. As an example, the setting table 172 is atable where a setting item, a settable range that indicates a range ortype settable as a setting content for the setting item, and the settingcontent, which has been set for the setting item, are associated withone another, as illustrated in FIG. 3 . The setting table 172 previouslystores initial values, for instance, which are updated by the settingunit 104.

In the setting table 172, various setting contents related to thefollowing settings concerning the quarantine against a virus, which aresettings concerning security, are stored, in addition to a content ofsetting concerning user authentication or user management for thecompound machine 10 and a content of setting concerning an image formedby the compound machine 10.

(1) Setting as to Effectiveness/Ineffectiveness of Virus ScanningFunction (a Section D100 in FIG. 3 )

Setting as to effectiveness/ineffectiveness of the virus scanningfunction refers to setting for changing the virus scanning function inthe compound machine 10 on the whole from “effective (ON)” to“ineffective (OFF)” and vice versa.

(2) Setting as to Effectiveness/Ineffectiveness of Virus Scanning ofInput/Output Data (a Section D102 in FIG. 3 )

Setting as to effectiveness/ineffectiveness of virus scanning ofinput/output data refers to setting as to whether to scan the input dataor file in a phase where the data (scanning data, printing data orfacsimile (FAX) data, for instance) to be input to the compound machine10 has been input from outside.

(3) Setting as to Virus Scanning at Designated Time (a Section D104 inFIG. 3 )

Setting as to virus scanning at a designated time refers to setting of aschedule of the virus scanning, that is to say, setting for designatinga day of the week or time when the virus scan is to be performed, so asto cause the virus scan to be automatically performed at designated dateand time. The setting as to the virus scanning at a designated time maybe carried out by setting a frequency that the virus scan is to beperformed at (monthly, weekly or daily, for instance) or setting timewhen the virus scan is to be performed, as illustrated in a section D106in FIG. 3 . If the frequency is set to “monthly”, the date (“thefifteenth of every month”, for instance) or a specified day of the week(“the every first Sunday”, for instance), when the virus scan is to beperformed, may be settable. If the frequency is set to “weekly”, the dayof the week (“Sunday”, for instance), when the virus scan is to beperformed, may be settable.

(4) Setting of Scanning Target (a Section D108 in FIG. 3 )

Setting of a scanning target refers to setting for designating data foreach kind to or not to be taken as a virus scanning target if the virusscan is performed at a designated time (the process for the quarantineagainst a virus is periodically performed) and an on-demand virus scanis performed. In other words, it is assumed that a storage region wherethe virus scan is to be performed is selectable. The data includes threekinds of data, namely, a system file (a file stored in the system region162), an installed application (a file stored in theapplication-specific data region 164), and an NAS-saved data (a filestored in the data region 168) as illustrated in FIG. 3 , for instance.For each kind, the data is set to or not to be taken as a scanningtarget (that is to say, to be scanned or not to be scanned).

The data stored in the spool region 166 is subjected to virus scanningonly if the virus scanning of input/output data is set to be effective.Consequently, in the present embodiment, the data stored in the spoolregion 166 is not assumed as an object of the setting of the scanningtarget.

The setting contents stored in the setting table 172 may include asetting content as to whether to perform the virus scan during theaddition (installation) of an application and a setting content as towhether to allow the on-demand (user-operated) virus scan to beperformed, in addition to the setting contents as above. Thus, thecompound machine 10 may be allowed to perform the virus scan dependingon the type of access to the storage 160 as a storage region, that is tosay, to perform the virus scan at the time of installation of anapplication, at the time of on-demand working (user operation), at ascheduled time or at the time of data input or output.

The scan performing pattern table 174 is a table where a condition ofthe compound machine 10 and a range of a virus scan performed accordingto the condition of the compound machine 10 are associated with eachother. As an example, classification of the condition (“a materialchange related to the security has been made”, for instance), a concretecondition of the compound machine 10 that is detected (“the virusscanning function has been changed from an ineffective state to aneffective state”, for instance), and the range of a virus scan performedaccording to the condition of the compound machine 10 (“all regions”,for instance) are associated with one another in the scan performingpattern table 174, as illustrated in FIG. 4 . The scan performingpattern table 174 may be stored in advance or may be settable by theuser.

The connection section 180 connects the compound machine 10 and anotherapparatus to each other. For instance, the connection section 180 isconstituted of a USB interface, to which such a storage as a USB memory,or the like is connected. The connection section 180 may be constitutedof a device (antenna, for instance) for achieving short-range wirelesscommunications, such as Near-field communication (NFC) and Bluetooth(registered trademark), and thus be connectable with another apparatusthrough a short-range wireless communications means.

The communications section 190 communicates with another apparatus ordevice through a network such as a local area network (LAN) and a widearea network (WAN). The communications section 190 is constituted of acommunications device or communications module such as a networkinterface card (NIC) used for wired/wireless LAN, for instance. Thecommunications section 190 may include an interface (I/F) connectablewith a network (network I/F).

The communications section 190 may connect to a communications networksuch as a public network, a LAN, and the Internet so as to be capable ofusing a communications method such as faxing and electronic mailing totransmit data outside over the communications network.

1.2 Flow of Processing

Referring to FIG. 5 , main processing performed by the compound machine10 is described. For instance, the controller 100 reads, at a time whena power source is turned on, a program stored in the storage 160 so asto cause the main processing to be performed. In the followingdescription, the process for the quarantine against a virus, which isperformed by the quarantine processing unit 106, is assumed as the virusscan.

Initially, the controller 100 performs a boot up process (step S100).The boot up process is a process for putting the compound machine 10into a normal boot up state, namely, a process for feeding electricpower to the respective functional parts of the compound machine 10 orachieving a warmup of the image formation section 130, for instance.

Then, the controller 100 creates a state where the operation by the useris possible (step S102). For instance, the controller 100 displays ahome screen on the display section 140. The home screen includes aninstruction means (function buttons, for instance) for instructing touse the basic functions of the compound machine 10 including the copyingfunction and the scanning function. The user selects a function buttonso as to cause the compound machine 10 to perform a process (job) thatuses the function as selected by the user. The home screen may alsoinclude an instruction means (system setting buttons, for instance) forchanging the system settings for the compound machine 10. In thisregard, the controller 100 (the setting unit 104) may display thesetting screen on the display section 140 if a system setting button isselected. The settings for the compound machine 10 may be changed basedon an operation performed by the user on the setting screen.

Next, the controller 100 determines whether the setting concerningsecurity has been changed (step S104). The controller 100 determinesthat the setting concerning security has been changed if the conditionof the compound machine 10 has been stored in a “condition of compoundmachine” column of the scan performing pattern table 174, for instance.

If determining that the setting concerning security has been changed,the controller 100 (the quarantine processing unit 106) performs thevirus scan on a related region according to the condition of thecompound machine 10 (i.e., the content of the changed setting) (Yes instep S104→step S106).

For instance, the quarantine processing unit 106 performs the virus scanas stated below if the information illustrated in FIG. 4 is stored inthe scan performing pattern table 174.

(1) If the Virus Scanning Function has been Changed from “Ineffective”to “Effective”.

The quarantine processing unit 106 performs the virus scan on all theregions in the storage 160 of the compound machine 10 whenever the virusscanning function has been changed from “ineffective” to “effective”.

Depending on the condition of the compound machine 10 when the virusscanning function has been changed from “ineffective” to “effective”,the virus scan, which is performed on all the regions in the storage160, may hamper a basic function exerted by the compound machine 10 inuse. In that case, the quarantine processing unit 106 may be soscheduled as to perform the virus scan on all the regions in the storage160 within a period of time when frequency in the use of the compoundmachine 10 is low.

Even if the data region 168 is a sole region taken as a target for thevirus scan performed according to a normal schedule, for instance, thequarantine processing unit 106 changes the region as a virus scanningtarget to all the regions with respect to the virus scan, which isperformed first after the virus scanning function has been changed from“ineffective” to “effective”. As a result, the quarantine processingunit 106 is able to perform an appropriate virus scan withoutdeteriorating usability of the compound machine 10.

Thus, the quarantine processing unit 106 performs the virus scan on allthe regions in the storage 160, deeming that all the functions of thecompound machine 10 are influenced, if a material change has been madein a setting related to the security of the compound machine that is tosay, the virus scanning function has been changed from “ineffective” to“effective”, for instance. In other words, the quarantine processingunit 106 is capable of performing a more appropriate virus scan, whichleads to the improvement in security.

(2) If Setting of Hypertext Transfer Protocol Secure (HTTPS)/FileTransfer Protocol Secure (FTPS) has been Changed.

During the setting of Secure Sockets Layer (SSL) as a security settingfor the compound machine 10, setting of a function allowing input andoutput of data from and to an external device, such as HTTPS/FTPS, maybe changed. In that case, the quarantine processing unit 106 performsthe virus scan on the data region 168 and the spool region 166. In otherwords, if the setting of the function allowing input and output of datafrom and to an external device has been changed, the quarantineprocessing unit 106 performs the virus scan on regions related to suchchange (the data region 168 and the spool region 166) at the time of thechange even if the virus scan is periodically performed on the dataregion 168 and the spool region 166. The virus scan, which is performedon the data region 168 and the spool region 166, may hamper the basicfunction of the compound machine 10 in use depending on the condition ofthe compound machine 10. In that case, the quarantine processing unit106 may be so scheduled as to perform the virus scan on the data region168 and the spool region 166 within the period of time when frequency inthe use of the compound machine 10 is low. Alternatively, the quarantineprocessing unit 106 may take the data region 168 and the spool region166 as a virus scanning target in addition to a region set as a target(scanning target) for the virus scanning as scheduled before (thequarantine against a virus, which is periodically performed).

(3) If Setting of Simple Mail Transfer Protocol (SMTP)-SSL, LightweightDirectory Access Protocol (LDAP)-SSL or Syslog-SSL has been Changed.

During the setting of SSL as a security setting for the compound machine10, setting of a function allowing input and output by the system (OS,for instance) of the compound machine may be changed. In that case, thequarantine processing unit 106 performs the virus scan on the systemregion 162. If the setting of the function allowing input and output bythe system has been changed, the quarantine processing unit 106 performsthe virus scan on a region related to the change (the system region 162)at the time of the change even if the virus scan is periodicallyperformed on the system region 162. The virus scan, which is performedby the quarantine processing unit 106 on the system region 162, mayhamper the basic function of the compound machine 10 in use, similarlyto the above case (2). In that case, the quarantine processing unit 106may be so scheduled as to perform the virus scan on the system region162 within the period of time when frequency in the use of the compoundmachine 10 is low, or may take the system region 162 as a virus scanningtarget in addition to the region set as a target (scanning target) forthe virus scanning as scheduled before (the quarantine against a virus,which is periodically performed).

If any of the settings for the compound machine 10 has been changed, thequarantine processing unit 106 performs a process in step S106 so as toperform the virus scan on an appropriate region or appropriate regionsaccording to the changed setting. If a specified setting concerningsecurity has been changed as in the above cases (2) and (3), inparticular, the quarantine processing unit 106 performs the virus scanaccording to the changed setting more appropriately in a pinpointmanner. After the process in step S106 is completed, the processing bythe controller 100 returns to step S102.

If determining in step S104 that the setting concerning security has notbeen changed, the controller 100 determines whether to turn off a powersource of the compound machine 10 (No in step S104→step S108). If thepower source of the compound machine 10 is to be turned off, thecontroller 100 shuts off the power source of the compound machine 10(Yes in step S108→step S110). For instance, the controller 100 performsa logout process if the user still logs in the compound machine 10,stores the date and time when the power source is shut off as a log, andtransmits information notifying that the power source is shut off toanother apparatus through the communications section 190. If the powersource of the compound machine 10 is not to be turned off, theprocessing by the controller 100 returns to step S102 (No in stepS108→step S102).

1.3 Working Example

Referring to FIG. 6 , an example of a setting screen W100 is describedas a working example of the present embodiment. The setting screen W100is a screen used to carry out setting as to the virus scanning accordingto the normal schedule. The setting screen W100 is displayed if a“system setting” button is selected on the home screen and, moreover, anitem “virus scan setting” is selected from menu items on a securitysetting menu, for instance.

A button B100 is a button for causing a setting content input on thesetting screen W100 to be registered at the compound machine 10, so asto reflect the content of a changed setting in the compound machine 10.

An area E100 is an area where the setting as toeffectiveness/ineffectiveness of the virus scanning function is changed.The virus scanning function is set to be “ineffective” by default, forinstance. If the virus scanning function is ineffective, a checkbox, adropdown list, and a button that are displayed below the area E100 maybe made ineffective (may be grayed out or may not be displayed). In thatcase, the checkbox and the like displayed below the area E100 becomeoperable if the virus scanning function is changed to “effective” by theuser.

In the present embodiment, the virus scanning function is changed from“ineffective” to “effective” in the compound machine 10 if the virusscanning function is changed from “ineffective” to “effective” on thesetting screen W100 and the button B100 is selected. At that time, thevirus scan is performed by the quarantine processing unit 106 on all theregions in the storage 160.

An area E102 is an area where the setting as toeffectiveness/ineffectiveness of the virus scanning of input/output datais changed. The virus scanning of input/output data is set to be“effective” by default, for instance. If the virus scanning ofinput/output data is effective, the quarantine processing unit 106performs the virus scan on data to be input at a time when the data isinput from another apparatus such as a facsimile machine or anotherdevice such as a USB memory, and on data to be output at a time when thedata is output to another apparatus.

An area E104 is an area where the virus scan is set to or not to beperformed at a designated time. If a function to perform the virus scanat a designated time is effective, it is possible to set the time toperform the virus scan in an area E106, and set the virus scanningtarget (region or kind of data) in an area E108.

The spool region 166 is a region that the virus scan is performed ononly if input/output data is subjected to virus scanning. Therefore, asindicated in the area E108, designation of a region as a virus scanningtarget is not explicitly set.

A button B102 is a button (“perform scan at once” button) for performingthe virus scan instantaneously (performing the on-demand virus scan).The user performs an operation to select the button B102 so as to causethe compound machine 10 to perform the virus scan at the time when thebutton B102 is selected, apart from the virus scanning according toschedule.

In the area E108, among the system file, the installed application, andthe NAS-saved data, that is to say, among the system region 162, theapplication-specific data region 164, and the data region 168, thechecked region or regions are taken as a virus scanning target. In otherwords, the regions checked in the area E108 constitute targets for thevirus scanning both in the case where the virus scan is performed basedon the setting of the schedule when it is effective to “perform thevirus scan at a designated time” and in the case where the virus scan isperformed as a result of selection of the “perform virus scan at once”button.

In addition to the setting screen W100 illustrated in FIG. 6 , a screenfor carrying out setting concerning SSL may be capable of beingdisplayed on the display section 140 of the compound machine 10 as ascreen for carrying out the setting concerning security. The screen forcarrying out the setting concerning SSL is displayed if a menu item M100in FIG. 6 is selected, for instance. If a setting content is changedthrough the screen for carrying out the setting concerning SSL and anoperation to reflect the setting content after the change in thecompound machine 10 is performed, the compound machine 10 changes therelevant setting for the compound machine 10. At this time, thequarantine processing unit 106 performs the virus scan on acorresponding region according to the changed setting. Thus, the virusscan is only performed on the region, which is influenced by the changeof the setting, so that the virus scan normally ends in a short timewith a less load on the compound machine 10. Since the virus scan isperformed immediately after the change of the setting, virus detectionis instantaneously put into practice.

The above description is made under the assumption that the process forthe quarantine against a virus is the virus scan, while, in addition tothe virus scan, a process for disinfection of a virus or a process forisolating or deleting data infected with a virus may be performed as theprocess for the quarantine against a virus.

As described above, the compound machine 10 in the present embodimentperforms the process for the quarantine against a virus such as thevirus scan according to a setting situation of the settings concerningsecurity or the fact that an operation to change the setting situationhas been performed. In particular, the compound machine 10 in thepresent embodiment performs the virus scan on a necessary place (region)at a necessary time according to the setting content as changed duringthe change in setting. In other words, the compound machine 10 in thepresent embodiment appropriately performs the virus scan and thusprotects the compound machine 10 itself from a malicious attack.

Unlike the conventional technology, the compound machine 10 in thepresent embodiment does not perform the virus scan on all the regions inthe storage 160 in every case but performs the virus scan on a necessaryregion (appropriate range of virus scanning) according to the settingcontent or setting situation as changed. In other words, if a change insetting related to the security has been made, the virus scan isperformed on at least an influenced region. As a result, the virus scanends in a short time with a less load on the compound machine 10. Thus,the compound machine 10 in the present embodiment is capable of avoidingsuch problems as arising in that it takes a long time to perform thevirus scan and that the virus scan prevents other operations.

2. Second Embodiment

Next, a second embodiment is described. The second embodiment is anembodiment where the processing in the first embodiment is carried out,and in addition, the virus scan is only performed on an influencedregion or data according to a setting situation of functions of acompound machine and a condition of the compound machine, and timing ofperformance of the virus scan is changed. For the present embodiment,FIGS. 2, 3, 4, and 5 in the first embodiment are replaced by FIGS. 7, 8,9, and 10 , respectively. The identical functional parts and processesare given the identical reference signs, and the description on suchfunctional parts and processes is omitted.

2.1 Functional Configuration

Referring to FIG. 7 , a functional configuration of a compound machine12 in the present embodiment is described. The compound machine 12 isdifferent from the compound machine in that the controller 100 alsoserves as a data deletion unit 108.

The data deletion unit 108 realizes a function to automatically deletedata (an image, for instance) input from an external device according toa situation of performance of a job based on the data. For instance, thedata deletion unit 108 deletes data in the following cases.

-   -   (1) If a job based on the data has been completed (a case of        automatic erasure after the completion of a job).    -   (2) If a job based on the data is not performed and as such        meets a specified condition (a case of setting as to automatic        deletion of a stopped job).

The specified condition in the case (2) means that a specified time haselapsed since the input of the data, that the compound machine 12 doesnot have a function nor include an option (such as a device fitted tothe compound machine 12 from outside) for processing the input data, orthe like.

Thus in the present embodiment, if an “automatic erasure after thecompletion of a job” function is effective and if a “setting as toautomatic deletion of a stopped job” function is effective, datarelating to the job in question is automatically deleted by the datadeletion unit 108. If the above functions are ineffective, even datathat can automatically be deleted is not deleted and remains stored inthe data region 168. The data, which can automatically be deleted,remains stored in the data region 168, so that the user is able tore-perform the job based on the data.

In the present embodiment, the setting table 172 includes informationillustrated in FIG. 8 . As illustrated in a section D200 in FIG. 8 ,information notifying that the “automatic erasure after the completionof a job” function is effective or ineffective and information notifyingthat the “setting as to automatic deletion of a stopped job” function iseffective or ineffective are stored in the setting table 172 in additionto the information as included in the table illustrated in FIG. 3 . Inother words, a setting content relating to the function to automaticallydelete input data is stored in the setting table 172, and the settingunit 104 allows setting as to the function to automatically delete inputdata.

In the present embodiment, the scan performing pattern table 174includes information illustrated in FIG. 9 . In the scan performingpattern table 174 in the present embodiment, the timing of performanceof the virus scan (“at the time of change in setting”, for instance) isassociated with the information as included in the table illustrated inFIG. 4 . As a result, the quarantine processing unit 106 performs thevirus scan according to the condition of the compound machine 12, on avirus scanning range associated with the condition under timing ofperformance associated with the condition.

As illustrated in a section D202 in FIG. 9 , the scan performing patterntable 174 in the present embodiment includes “input of data” classifiedas a condition of the compound machine 12. In particular, in the presentembodiment, the virus scan is performed according to the condition ofthe compound machine 12 if the data input from the external device isnot deleted by the data deletion unit 108 but remains stored in the dataregion 168 in the storage 160.

2.2 Flow of Processing

Referring to FIG. 10 , main processing performed by the compound machine12 in the present embodiment is described. In the present embodiment, ifdetermining that the setting concerning security has not been changed,the controller 100 determines whether the data, which can automaticallybe deleted, has not been deleted (No in step S104→step S200). Ifdetermining that the data, which can automatically be deleted, has beendeleted, the controller 100 performs a process in step S108 (Yes in stepS200→step S108).

If determining that the data, which can automatically be deleted, hasnot been deleted, the controller 100 (the quarantine processing unit106) performs the virus scan on an influenced region according to thedata (No in step S200→step S106). For instance, the quarantineprocessing unit 106 performs the virus scan as stated below if theinformation illustrated in FIG. 9 is stored in the scan performingpattern table 174.

(1) If the “automatic erasure after the completion of a job” function isineffective. If the “automatic erasure after the completion of a job”function is ineffective and data related to the job (targeted job) asperformed is stored in the data region 168, the quarantine processingunit 106 performs the virus scan on the data region 168, in which thedata is stored, after the completion of the targeted job.

Even if a function to “perform the virus scan on input/output data” iseffective, the quarantine processing unit 106 performs the virus scan onthe data region 168 not only at the time of data input or output butafter the completion of the targeted job.

If the “automatic erasure after the completion of a job” function ischanged to “effective”, data related to a targeted job is not stored inthe data region 168 after the completion of the targeted job, so thatthe data region 168 escapes such influence that the input data remainsstored in the data region 168. Consequently, the quarantine processingunit 106 does not need to perform the virus scan on the data region 168after the completion of the job if the “automatic erasure after thecompletion of a job” function is changed to “effective”.

(2) If the “setting as to automatic deletion of a stopped job” functionis effective. If the “setting as to automatic deletion of a stopped job”function is effective and data is input so as to input a job, thequarantine processing unit 106 performs the virus scan on data relatedto the job (targeted job) during the performance of the targeted job(immediately before the performance of the job).

Virus scanning of data is commonly carried out at the time of input ofthe data. The quarantine processing unit 106, however, changes thetiming of performance of the virus scan so as to perform the virus scanon the data related to the targeted job not at the time of input of thetargeted job but immediately before the performance of the targeted job.Thus, the quarantine processing unit 106 performs the virus scan on dataimmediately before the performance of a targeted job so as toappropriately perform the virus scan without affecting other(preferential) job that may be delayed by a virus scan performed at thetime of input of the data.

Even if data was input, the quarantine processing unit 106 may omit toperform the virus scan on the data if a job based on the data hasautomatically been deleted by the data deletion unit 108 as a stoppedjob. If the “setting as to automatic deletion of a stopped job” functionis ineffective, the quarantine processing unit 106 may perform the virusscan on data related to a stopped job.

As described on the above cases (1) and (2), if the data, which canautomatically be deleted, has not been deleted, the quarantineprocessing unit 106 performs the quarantine against a virus (the virusscan) on the data at a time corresponding to the setting of the“automatic erasure after the completion of a job” function or the“setting as to automatic deletion of a stopped job” function.

As described above, the compound machine 12 in the present embodimentperforms the virus scan on an appropriate region or target (data) at anappropriate time if the setting situation or the content of an operationby the user, such as input of data, has brought about a situation wherevirus scanning is required. Consequently, the compound machine 12 in thepresent embodiment performs the virus scan only on an influenced regionor changes the timing of performance of the virus scan according to theset function, which makes it possible to avoid such problems as arisingin that it takes a long time to perform the virus scan and that thevirus scan prevents other operations.

3. Third Embodiment

Next, a third embodiment is described. Unlike the first embodiment, thethird embodiment is an embodiment where, if an abnormality has beendetected in a compound machine, the virus scan is performed on anappropriate region according to the detected abnormality. For thepresent embodiment, FIGS. 2, 3, and 5 in the first embodiment arereplaced by FIGS. 11, 12 , and 13, respectively. The identical processesare given the identical reference signs, and the description on suchprocesses is omitted.

3.1 Functional Configuration

Referring to FIG. 11 , a functional configuration of a compound machine14 in the present embodiment is described. The compound machine 14 isdifferent from the compound machine 10 in that the controller 100 alsoserves as an abnormality detection unit 110. The abnormality detectionunit 110 detects an abnormality that has occurred in the compoundmachine 14. In particular, the abnormality detection unit 110 in thepresent embodiment realizes a “mandatory access control” function of thecompound machine 14, and detects an abnormality of an applicationexecuted by the compound machine 14. Specifically, the abnormalitydetection unit 110 detects the following abnormalities.

-   -   (1) Execution of an abnormal application.    -   (2) Abnormal quit of an application.

The abnormal application refers to, for instance, an application notincluded in the applications whose execution is permitted by the“mandatory access control” (whitelist) function, which is set in advancefor the compound machine 14. In other words, the abnormal applicationrefers to an application not included in a whitelist set in advance,namely, an application not assumed to be executed.

In the present embodiment, the setting table 172 includes informationillustrated in FIG. 12 . As illustrated in FIG. 12 , setting related tothe “mandatory access control” function (a section D300 in FIG. 12 ) isstored in the setting table 172 in addition to the information asincluded in the table illustrated in FIG. 3 .

Specifically, a function to perform the virus scan when an applicationhas an abnormality (that is to say, when an abnormality of anapplication has been detected) is settable to be effective orineffective, as the “mandatory access control” function.

The setting table 172 further includes a list of applications whoseexecution is permitted (whitelist: a section D302 in FIG. 12 ), and apath of an added scanning target (a section D304 in FIG. 12 ). In thepath of an added scanning target, a place taken as a virus scanningtarget is stored in addition to the storage 160 of the compound machine14 if an abnormality of an application has been detected. The path of anadded scanning target may indicate a specified region (storage region)in the storage 160 of the compound machine 14.

3.2 Flow of Processing

Referring to FIG. 13 , main processing performed by the compound machine14 in the present embodiment is described. In the present embodiment,after a state where operation is possible is created, the controller 100(the abnormality detection unit 110) determines whether an abnormalityof an application has been detected (step S300). If determining that anabnormality of an application has not been detected, the controller 100performs the process in step S108 (No in step S300→step S108).

If determining that an abnormality of an application has been detected,the controller 100 (the quarantine processing unit 106) performs thevirus scan on a region related to the application (Yes in step S300→stepS302). The region related to the application refers to any of thefollowing regions.

-   -   (1) The application region 1624 in the system region 162.    -   (2) The application-specific data region 164.    -   (3) The application region 1686 in the data region 168.

Further, the controller 100 (the quarantine processing unit 106) refersto the setting table 172 so as to perform the virus scan on a regionindicated by the registered path of an added scanning target (stepS304).

After a process in step S304 is performed, the processing by thecontroller 100 returns to step S102. The quarantine processing unit 106may be made to perform the virus scan on all the regions in the storage160 if a virus has been found in step S302 or S304.

As described above, the compound machine 14 in the present embodimentperforms the virus scan on a virus scanning target (application region)if the execution of an abnormal (unexpected) application or an abnormalquit of an application has been detected with the “mandatory accesscontrol” (whitelist) function. The compound machine 14 in the presentembodiment also performs the virus scan on a storage region of a pathregistered in setting of the “mandatory access control” (whitelist)function. Thus, even if an abnormality related to an application hasbeen detected, the compound machine 14 in the present embodiment is putinto a secure state by performing the virus scan on an appropriateregion.

4. Fourth Embodiment

Next, a fourth embodiment is described. Similarly to the thirdembodiment, the fourth embodiment is an embodiment where, if anabnormality has been detected in a compound machine, the virus scan isperformed on an appropriate region according to the detectedabnormality. In the description below, it is assumed that a compoundmachine in the present embodiment detects damage to firmware as anabnormality of the compound machine. For the present embodiment, FIG. 13in the third embodiment is replaced by FIG. 14 . The identical processesare given the identical reference signs, and the description on suchprocesses is omitted.

4.1 Functional Configuration

A compound machine 14 in the present embodiment has the sameconfiguration as the configuration illustrated in FIG. 11 in the thirdembodiment. An abnormality detection unit 110 in the present embodimentdetects an abnormality of firmware of the compound machine 14 (such asdamage to the firmware).

4.2 Flow of Processing

Referring to FIG. 14 , main processing performed by the compound machine14 in the present embodiment is described. In the present embodiment,after the process in step S100 is performed, the controller 100 (theabnormality detection unit 110) conducts a firmware check at the time ofboot up (step S400). For instance, the abnormality detection unit 110checks whether firmware stored in the firmware region 1622 is anappropriate firmware and, if the stored firmware is not an appropriatefirmware, attempts to detect damage to the firmware.

Next, the controller 100 (the abnormality detection unit 110) determineswhether the damage to the firmware has been detected by the firmwarecheck (step S402).

If determining that the damage to the firmware has been detected, thecontroller 100 makes the basic functions of the compound machine 14unavailable and carries out rollback (reinstallation) of firmware (Yesin step S402→step S404). For instance, the controller 100 acquiresfirmware from a device where the firmware is stored or acquires firmwarethat was previously stored in the storage 160 as a backup, so as tostore the acquired firmware in the firmware region 1622.

At this time, the controller 100 (the quarantine processing unit 106)performs the virus scan on the firmware obtained by the rollback (stepS406). In other words, the quarantine processing unit 106 performs thevirus scan on the firmware itself, which is to be installed. Thequarantine processing unit 106 may perform the virus scan on thefirmware region 1622, in which the firmware is stored in step S404.

After a process in step S406 is performed, the processing by thecontroller 100 returns to step S100. If a virus has been detected instep S406, the controller 100 may interrupt the processing illustratedin FIG. 14 and notify that a virus has been detected in the firmwareobtained by the rollback. For instance, the controller 100 displays amessage stating that a virus has been detected in the firmware obtainedby the rollback on the display section 140 or sends an electronic mailcontaining such message to a specified user (a manager of the compoundmachine 14, for instance).

If determining in step S402 that the damage to the firmware has not beendetected, the controller 100 performs a process in step S102 (No in stepS402→step S102). Then, if virus scanning is possible, the controller 100(the quarantine processing unit 106) performs the virus scan (Yes instep S408→step S410). With respect to the virus scan in step S410, thequarantine processing unit 106 may omit the virus scan on the firmwareregion 1622. If virus scanning is not possible, the controller 100performs the process in step S108 (No in step S408→step S108).

The controller 100 performs the processing illustrated in FIG. 14 so asto perform the virus scan not on all the regions in the storage 160 buton the firmware itself if the damage to the firmware is detected.

If the virus scan is performed on all the regions in the storage 160when the damage to the firmware is detected, there is the danger that adamaged state of the firmware may be worsened, or a long time elapsesbefore the restoration of the firmware, which may increase the danger.Consequently, if the firmware is damaged, it is important to restore thefirmware, so that it is important to confirm by checking that thefirmware to be installed for restoration has no problems with condition.The controller 100 in the present embodiment only performs the virusscan on the firmware to be installed for restoration if the damage tothe firmware has been detected, so as to confirm in a short time thatthe firmware to be installed for restoration has no problems withcondition, which makes it possible to reduce time elapsing before therestoration of the firmware.

The controller 100 (the quarantine processing unit 106) may perform thevirus scan on all the regions in the storage 160 after installation ofthe firmware. As an example, if the damage to the firmware has not beendetected in step S402 after the reinstallation of the firmware, thequarantine processing unit 106 performs the virus scan on all theregions in the storage 160 before the process in step S102 is performed.

As described above, if the damage to the firmware has been detected, thecompound machine 14 in the present embodiment carries out the rollbackof the firmware, and performs the virus scan on the firmware, which isat least an influenced region (data). As a result, the time elapsingbefore the restoration of the firmware is reduced. The compound machine14 in the present embodiment performs the virus scan on all the regionsin the storage 160 after the restoration of the firmware so as to reacha securer state.

5. Modifications

The present disclosure is not limited to any of the embodiments asabove, and various changes are possible. In other words, an embodimentthat is obtained by combining technical means appropriately changedwithout departing from the gist of the present disclosure falls within atechnical scope of the present disclosure.

For convenience of description, the above embodiments are sometimesdescribed individually, while it is a matter of course that acombination can be made within a technically possible range. Forinstance, the first embodiment and the fourth embodiment may be combinedwith each other. Such combination makes the compound machine capable ofperforming the virus scan not only based on the settings but when achange in setting concerning security has been made and when anabnormality of the firmware has been detected.

The programs, which are to run in the respective apparatuses in theabove embodiments, are each a program for controlling the CPU or thelike (program for causing a computer to function) so that the abovefunctions of the relevant embodiment may be realized. The information,which is to be dealt with in the apparatuses, is temporarily accumulatedin a transitory storage (RAM, for instance) during the processing of theinformation, then stored in various storages such as a read-only memory(ROM) and an HDD, and read by the CPU as required so as to correct andwrite the information.

The recording medium, which is used to store the programs, may be any ofa semiconductor medium (such as a ROM and a non-volatile memory card),optical and magneto-optical recording media (such as a digital versatiledisc (DVD), a magneto-optical disc (MO), a mini disc (MD), a compactdisc (CD), and a Blu-ray (registered trademark) disc (BD)), and amagnetic recording medium (such as a magnetic tape and a flexible disk).The loaded programs are executed to realize the above functions of theembodiments and, on a certain occasion, processing performed incooperation with the operating system or another application programbased on instructions from the programs realizes a function of thepresent disclosure.

If distributed on the market, the programs can be stored in a portablerecording medium and as such distributed, or transferred to a servercomputer connected through a network such as the Internet. In the lattercase, it is a matter of course that a storage of the server computer isincorporated into the present disclosure.

What is claimed is:
 1. An image forming apparatus comprising: a setterthat performs setting of a system; an image former that forms an imageaccording to the setting; and a processor that performs a process for aquarantine against a virus, wherein the setter performs settingconcerning security, and wherein the processor implements the quarantineagainst a virus if the setting concerning security has been changed. 2.The image forming apparatus according to claim 1, wherein, if thesetting concerning security has been changed, the processor implementsthe quarantine against a virus with respect to a region corresponding toa content of the setting as changed.
 3. The image forming apparatusaccording to claim 2, wherein the processor takes, as a target for thequarantine against a virus, the region corresponding to the content ofthe setting concerning security as changed in addition to a region takenas a target for the quarantine against a virus, which is periodicallyimplemented.
 4. The image forming apparatus according to claim 1,wherein the setter implements setting as to a function to automaticallydelete an image as input, and wherein, if the image, which canautomatically be deleted, has not been deleted, the processor implementsthe quarantine against a virus with respect to the image, at a timecorresponding to the setting, which is performed by the setter.
 5. Theimage forming apparatus according to claim 4, wherein the processorimplements the quarantine against a virus with respect to the image,when a job based on the image is performed.
 6. The image formingapparatus according to claim 1, further comprising a detector thatdetects an abnormality, wherein, if an abnormality has been detected bythe detector, the processor implements the quarantine against a virusaccording to the abnormality as detected.
 7. The image forming apparatusaccording to claim 6, wherein the detector detects execution of anapplication whose execution is not permitted and an abnormal quit of anapplication, and wherein, if an abnormality has been detected by thedetector, the processor implements the quarantine against a virus withrespect to a region where an application is stored.
 8. The image formingapparatus according to claim 6, wherein the detector detects damage tofirmware upon boot up, and wherein, if an abnormality has been detectedby the detector, the processor implements the quarantine against a viruswith respect to firmware to be reinstalled.
 9. A control method for anapparatus including an image former to form an image according tosetting and a processor to perform a process for a quarantine against avirus, the control method comprising: implementing setting of a system;and implementing the quarantine against a virus if setting concerningsecurity has been changed.